eb477f5cd367c66185c4280d10d1e31b31a0561cc149c0f4cfd6dec43bdb2737

Sharing

Copy URL

Twitter E-mail

General

Target

eb477f5cd367c66185c4280d10d1e31b31a0561cc149c0f4cfd6dec43bdb2737
Size

1.3MB
MD5

bdb9481acb3ff5a509c1f9fdce2d65ee
SHA1

7a3cca9935c80776a38f3b2fb36f71beab97da91
SHA256

eb477f5cd367c66185c4280d10d1e31b31a0561cc149c0f4cfd6dec43bdb2737
SHA512

369288e7361ec3d0398f4abc42e1bd9c21999403f60e287d3f5d0d429d03f542652650a8360ba58cb41cf2a9a976d929c23a3f5d9247ff94754b429f133bd2ca
SSDEEP

24576:nl2ZDBaZPAr1/wWeFbL888kaNeRFCjfM0ZBpQcYt+LmiG/a4R5VC:MuOPqFf0ZBnYCsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb477f5cd367c66185c4280d10d1e31b31a0561cc149c0f4cfd6dec43bdb2737

Files

eb477f5cd367c66185c4280d10d1e31b31a0561cc149c0f4cfd6dec43bdb2737
.exe windows x86

776e1a020754b3f79cd2a9505b7fa751

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FreeLibrary
InterlockedDecrement
lstrlenW
LoadLibraryW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
CreateEventW
SetEvent
GetTickCount
GetFileSize
lstrcpyW
lstrcmpiW
CompareStringW
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
WriteFile
InterlockedIncrement
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
TerminateThread
WaitForSingleObject
GetLocalTime
OutputDebugStringW
GetCurrentProcessId
FreeResource
SizeofResource
LockResource
GetProcAddress
FindResourceW
GetVersionExW
ResetEvent
WaitForMultipleObjects
SetFileAttributesW
SetCurrentDirectoryW
CreateProcessW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetTempPathW
GetStdHandle
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileTime
MoveFileW
CreateDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
SetFilePointer
GetFileInformationByHandle
SetEndOfFile
CompareFileTime
FileTimeToSystemTime
OpenProcess
TerminateProcess
GetCurrentProcess
FlushInstructionCache
CopyFileW
ExitProcess
CreateMutexW
GetLastError
EnterCriticalSection
LeaveCriticalSection
CreateFileW
ReadFile
CloseHandle
GetCommandLineW
GetUserDefaultLangID
GetSystemDefaultLangID
GetCurrentThreadId
Sleep
DeleteFileW
LoadResource
GetStartupInfoW

user32

EnableWindow
DrawTextW
MoveWindow
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetDC
OffsetRect
CharNextW
SetWindowTextW
UpdateWindow
EndDialog
GetDlgItem
ScreenToClient
SetDlgItemTextW
IsWindowVisible
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
CreateWindowExW
LoadStringW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
SetRectEmpty
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
MessageBoxW
PostThreadMessageW
CreateDialogParamW
SetFocus
SetCursor
PtInRect
InvalidateRect
EndPaint
BeginPaint
GetDlgCtrlID
FillRect
DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
CharLowerW
GetForegroundWindow
GetParent
GetActiveWindow
ShowWindow
PostMessageW
SetTimer
IsDialogMessageW
PostQuitMessage
DestroyWindow
LoadImageW
GetSystemMetrics
KillTimer
SetForegroundWindow
SendMessageW
IsWindow
GetWindowLongW
DefWindowProcW
SetWindowLongW
CallWindowProcW
CharToOemW
CharUpperW
GetDesktopWindow
DrawIcon
ReleaseDC
FindWindowExW
GetWindowThreadProcessId

gdi32

SetBkMode
CreateBrushIndirect
SetTextColor
CreateCompatibleDC
DeleteObject
DeleteDC
GetStockObject
GetObjectW
CreateFontIndirectW
BitBlt
SelectObject
CreateSolidBrush

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantCopy
SysAllocString

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
PathCombineW
StrStrIW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

msvcp60

?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBGI@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

comctl32

InitCommonControlsEx
_TrackMouseEvent

wininet

InternetErrorDlg
InternetOpenW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetReadFileExA
InternetConnectW

msvcrt

wcscat
vswprintf
_wcslwr
wcscmp
wcspbrk
wcschr
wcstok
swprintf
wcsncmp
wcsncpy
rand
malloc
_wtoi
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_ftol
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_beginthreadex
memmove
wcsstr
free
wcscpy
realloc
_wcsicmp
__CxxFrameHandler
wcslen
_purecall
tolower
wcsrchr
_exit
_controlfp
_onexit
__dllonexit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
_waccess
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 948KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

776e1a020754b3f79cd2a9505b7fa751

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

iphlpapi

msvcp60

psapi

comctl32

wininet

msvcrt

Sections

.text Size: 300KB - Virtual size: 297KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 948KB - Virtual size: 946KB

.text
Size: 300KB - Virtual size: 297KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 948KB - Virtual size: 946KB